The system must use a reverse-path filter for IPv4 network traffic when possible.


Overview

Finding ID: V-22420
Version: GEN003613
Rule ID: SV-45736r1_rule
IA Controls: ECSC-1
Severity: Medium
Description
Reverse-path filtering provides protection against spoofed source addresses by causing the system to discard packets whose source address has no route, or whose route does not point back toward the interface on which the packet arrived. Reverse-path filtering should be used whenever possible. Depending on the role of the system (for example, a multi-homed host or router with asymmetric routing), reverse-path filtering may cause legitimate traffic to be discarded; in such cases it should be used in a more permissive mode or not at all.
STIG: SUSE Linux Enterprise Server v11 for System z
Date: 2012-12-13

Details

Check Text ( C-43100r1_chk )
Verify the system is configured to use a reverse-path filter for IPv4 network traffic.

# grep [01] /proc/sys/net/ipv4/conf/*/rp_filter|egrep "default|all"

If any of the resulting lines does not end with "1", this is a finding.
Fix Text (F-39136r1_fix)
Configure the system to use a reverse-path filter for IPv4 network traffic.
Edit /etc/sysctl.conf and add the settings "net.ipv4.conf.all.rp_filter=1" and "net.ipv4.conf.default.rp_filter=1", then apply them:
# sysctl -p
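The check above reads /proc directly and relies on eyeballing the output. As an added example (not part of the STIG text), the following POSIX shell script applies the same pass/finding rule to the lines that grep command produces, so the result can be scripted into a compliance scan. The function names (rp_filter_status, live_rp_filter_status, rp_filter_sysctl_lines) and the two sample outputs are constructed for this example; the sample lines mimic the "/proc/sys/net/ipv4/conf/<name>/rp_filter:<value>" shape that grep prints, with an extra per-interface line included to show that only the "all" and "default" entries are evaluated, as the check text specifies.

```shell
#!/bin/sh
# Added example: evaluate STIG GEN003613 (IPv4 rp_filter) against grep output.
# Not part of the STIG; function and sample names are constructed for illustration.

# Constructed sample: what `grep [01] /proc/sys/net/ipv4/conf/*/rp_filter`
# prints on a compliant host. The eth0 line is ignored by the check, which
# only evaluates the "all" and "default" entries.
SAMPLE_COMPLIANT='/proc/sys/net/ipv4/conf/all/rp_filter:1
/proc/sys/net/ipv4/conf/default/rp_filter:1
/proc/sys/net/ipv4/conf/eth0/rp_filter:0'

# Constructed sample: "all" set to 0, which the check text calls a finding.
SAMPLE_FINDING='/proc/sys/net/ipv4/conf/all/rp_filter:0
/proc/sys/net/ipv4/conf/default/rp_filter:1'

# rp_filter_status INPUT
# Keeps only the all/default lines and requires both to be present and to end
# in ":1". Prints "pass" or "finding" and returns 0 or 1 accordingly.
rp_filter_status() {
    input="$1"
    relevant=$(printf '%s\n' "$input" \
        | grep -E '/conf/(all|default)/rp_filter:' || true)
    # Number of all/default lines seen; a missing line is also a finding,
    # since the setting cannot be verified.
    present=$(printf '%s\n' "$relevant" | grep -c 'rp_filter:' || true)
    # Number of those lines whose value is not 1.
    noncompliant=$(printf '%s\n' "$relevant" \
        | grep 'rp_filter:' | grep -vc ':1$' || true)
    if [ "$present" -eq 2 ] && [ "$noncompliant" -eq 0 ]; then
        echo pass
        return 0
    fi
    echo finding
    return 1
}

# live_rp_filter_status
# Runs the STIG's own grep pipeline on this host and evaluates it.
live_rp_filter_status() {
    rp_filter_status "$(grep '[01]' /proc/sys/net/ipv4/conf/*/rp_filter 2>/dev/null \
        | grep -E 'default|all')"
}

# rp_filter_sysctl_lines
# Prints the two lines the Fix Text says to add to /etc/sysctl.conf
# (apply afterwards with `sysctl -p`).
rp_filter_sysctl_lines() {
    printf '%s\n' 'net.ipv4.conf.all.rp_filter=1' 'net.ipv4.conf.default.rp_filter=1'
}

# Demonstration on the constructed samples.
rp_filter_status "$SAMPLE_COMPLIANT"
rp_filter_status "$SAMPLE_FINDING"
```

On a real host, call live_rp_filter_status and treat a non-zero exit as the finding; the two per-interface lines the grep prints for "all" and "default" are the only ones the rule evaluates, so a loose rp_filter on a single interface is not by itself a finding under this check.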